Check and update the IP filtering rules on your DD-WRT router

The other day I was checking my router when I came across these rather weird rules in the INPUT chain:

ACCEPT     0    --  194.231.229.20       0.0.0.0/0           
ACCEPT     0    --  212.65.2.116         0.0.0.0/0           

Since I didn’t add them, I was a bit surprised (and worried) that they are there. After a bit of searching, it looks like they were added at some point during DD-WRT’s development and will be removed in future versions.

Anyway, you can permanently remove those 2 rules by doing:

nvram set ral=""
nvram commit
reboot
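
To spot rules like these without reading the whole chain by eye, here is an added example (not from the original post or from DD-WRT): it filters `iptables -L INPUT -n` output for ACCEPT rules whose source is a specific public address. The sample listing is constructed, apart from the two rules shown above, and the function name and the private-range allowlist are assumptions.

```shell
#!/bin/sh
# Flag INPUT rules that ACCEPT traffic from a specific public source.
# Reads `iptables -L INPUT -n` output on stdin; prints "<source> proto=<prot>".
audit_input_rules() {
    awk '
        $1 != "ACCEPT"    { next }   # also skips the "Chain" and header lines
        $4 == "0.0.0.0/0" { next }   # not tied to a particular source
        # Assumption: private and loopback sources are expected on a home LAN
        $4 ~ /^(10\.|127\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/ { next }
        { print $4 " proto=" $2 }
    '
}

# Constructed sample listing; only the first two rules come from the post.
sample_rules() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     0    --  194.231.229.20       0.0.0.0/0
ACCEPT     0    --  212.65.2.116         0.0.0.0/0
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:520
ACCEPT     0    --  192.168.1.0/24       0.0.0.0/0
ACCEPT     tcp  --  203.0.113.7          0.0.0.0/0           tcp dpt:22
EOF
}

# On the router, replace sample_rules with: iptables -L INPUT -n
sample_rules | audit_input_rules
```

Any line it prints is a rule worth tracing back to whoever (or whatever firmware default) added it.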

Restore default PostgreSQL maintenance database ‘postgres’

I guess one of the ways you learn is when you screw up – I had such an opportunity today when I tried to restore a PostgreSQL database via a script (using "psql"); I forgot to define a database name and ended up dumping a load of tables and stuff into the "postgres" database.

Anyway, here’s how to restore the default PostgreSQL maintenance database "postgres" under Xubuntu 8.04 – but please check the code below and back up your existing database directory and config files before you try it!

su
/etc/init.d/postgresql-8.3 stop
rm "/var/run/postgresql/8.3-main.pid"   # In case there's an old pid file or postgresql-8.3 init.d stop will complain...

# Backup the existing db
cd /var/lib/postgresql/8.3
mv main main_bak

cd /usr/lib/postgresql/8.3/bin
sudo -u postgres ./initdb --pgdata /var/lib/postgresql/8.3/main

cd /var/lib/postgresql/8.3/main
rm *.conf       # Force system to use the config files in /etc/postgresql/8.3/main
# The following 3 files existed in the default installation
ln -s /etc/postgresql-common/root.crt .
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem server.crt
ln -s /etc/ssl/private/ssl-cert-snakeoil.key server.key

/etc/init.d/postgresql-8.3 start

sudo -u postgres psql -c "ALTER USER postgres WITH ENCRYPTED PASSWORD '[Password]';"

The parable of traffic cones

The story below was from the sermon this morning and it deeply moved me. Please give it a careful read and maybe you will find it helpful too.

I read this story a couple of days ago although it’s not actually recent. "On 12 December 1984 dense fog shrouded the M25 near London. The hazard warning lights were on, but were ignored by most drivers. At 6.15 am, a truck carrying huge rolls of paper was involved in an accident, and within minutes the carriageway was engulfed in carnage. Dozens of cars were wrecked. Ten people were killed. A police patrol car was soon on the scene, and two policemen ran back up the motorway to stop oncoming traffic.

They waved their arms and shouted as loud as they could, but most drivers took no notice and raced on towards the disaster that awaited them. The policemen then picked up traffic cones and flung them at the cars’ windscreens in a desperate attempt to warn drivers of the danger. One policeman told how tears streamed down his face as car after car went by and he waited for the sickening sound of impact as they hit the growing mass of wreckage further down the road."

Is God throwing down any traffic cones at our windscreens? Is He sitting back and laughing as men and women run towards Hell or is He down on the road in the fog throwing some traffic cones?

The good news is there are traffic cones being thrown. There is a way out if you want it. If you don’t want it, God will honor that. He won’t force you to come into Heaven.

There will come a day when God will say to the people who hate Him, "Ok, you can have what you asked for – you can live without me."

But those people will experience punishment – they will live with their horrifically increasing sinfulness for ever and ever. They will experience death and destruction – they will be unrenewed, incomplete and ruined forever. They will experience separation – every good and lovely blessing that comes from God (which is everything good) will no longer be a part of their lives, eternally.

F-Secure sticker poll 2008

There’s a poll to decide the jokes that will go onto the F-Secure laptop stickers. The candidates are quite good – go check them out yourself:

Here are the ones I’ve chosen:

Poll #1
layer 8 protected
Honey, let's get wild and do it without protection    // Or, may I suggest this? lol.
Gone Phishing
Malware Inside
I don't need lunch, I have spam
I have a spare hand for a TCP handshake               // lol, good one!
Aren't you tired of being a man in the middle?
Delete WINDOWS\SYSTEM32 for added stability          // :-D .
I went looking for pr0n and all I got was this lousy rootkit    // What a shame...
I'm running Antivirus XP 2008                         // You'd get this one if you've read a previous posting on the F-Secure blog
My computer has a greater purpose; it is trying to improve people's sex life
I'm vulnerable. Patch me

Poll #2
Vista Ready but Linux loaded                   // lol, I really like this one
Please don't jack my click                     // Pretty please....
There's no place like 127.0.0.1 !!             // This never gets old!
These aren't the droids you're looking for
Spam: It's Not Just In Cans Anymore
Will break CAPTCHA for food                    // I can actually visualize this on a piece of cardboard sign...
Trojan Inside
The MD5 is D41D8CD98F00B204E9800998ECF8427E
Passwords are just like underwear, I've change mine, have U?
My password is: 'or 1=1--                      // ;-) .
Social networking is fun and secure

VirtualBox wireless bridged networking

Right, it’s been a while since I’ve blogged about something useful (what with the move to Australia and all), so to start things off, here’s my experience with getting bridged networking for virtual machines to work over a wireless network.

First thing first, an overview diagram:

[Network diagram]

The aim here is to bridge the 2 vbox interfaces ("vbox0" and "vbox1") with wlan0 (which hooks up to the router). In a wired ethernet scenario, you’d simply create a bridge between eth0, vbox0 and vbox1 and you’re done – but since that doesn’t work with wireless networks, you’d need a tool called "parprouted" to bridge between wlan0 and the vbox interfaces. Note that because I have more than 1 vbox interface, I’m using a bridge ("br0") as the target interface for parprouted to "bridge" to.

Anyway, enough talk, here is the code to get it working (I assume your wlan0 interface is working at the moment):

su

# Creating the 2 vbox interfaces - replace "USER" with your own user name
VBoxAddIF vbox0 USER br0
VBoxAddIF vbox1 USER br0

# Create the bridge with the 2 vbox interfaces
brctl addbr br0
brctl addif br0 vbox0 vbox1
ifconfig vbox0 up	# Just in case
ifconfig vbox1 up	# Just in case
ifconfig br0 up

# Enable IP forwarding
sysctl net.ipv4.ip_forward=1
# Proxy ARP to the VMs
sysctl net.ipv4.conf.wlan0.proxy_arp=1

# Create the "bridge" between wlan0 and br0
parprouted wlan0 br0

# Add the routes to the VMs - note you'll have to change the IP addresses if you use different IP address for the VMs
route add -net 192.168.1.200 netmask 255.255.255.255 metric 50 br0
route add -net 192.168.1.201 netmask 255.255.255.255 metric 50 br0

# Now run your virtual machine, attach it to vbox0 / vbox1, and assign either 192.168.1.200 or 192.168.1.201 to it.

Once you get this working, you can then package the above code into a script which you can call when doing ifup and ifdown – let me know if you are interested in that script :-) .

If you are interested in a more detailed explanation, this article should explain the process above in more detail.
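
The setup above turns on IP forwarding and proxy ARP, and both stay on after the VMs are shut down, so the host keeps routing and answering ARP on wlan0. As an added example (not part of the original post), this check reports which of those settings are still enabled; the function name and the optional directory argument are assumptions made for the example.

```shell
#!/bin/sh
# Report forwarding-related settings the bridge setup leaves enabled.
# $1 = sysctl tree to inspect; defaults to the live one under /proc.
# Passing another directory lets you inspect a copy or a test fixture.
forwarding_leftovers() {
    root=${1:-/proc/sys/net/ipv4}

    # Global IPv4 forwarding, set above with: sysctl net.ipv4.ip_forward=1
    if [ "$(cat "$root/ip_forward" 2>/dev/null)" = "1" ]; then
        echo "ip_forward=1"
    fi

    # Per-interface proxy ARP, set above for wlan0
    for f in "$root"/conf/*/proxy_arp; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" = "1" ]; then
            iface=${f%/proxy_arp}
            echo "proxy_arp=1 on ${iface##*/}"
        fi
    done
    return 0
}

# Live check; prints nothing when both settings are off.
forwarding_leftovers
```

If it still prints something once the VMs are no longer needed, set the listed values back to 0 with sysctl, unless the host is meant to route for another reason.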